Fixes for memory access violations triggered by running addr2line on fuzzed binaries.

PR binutils/17512
	* addr2line.c (slurp_symtab): If the symcount is zero, free the
	symbol table pointer.

	* dwarf2.c (concat_filename): Check for an empty directory table.
	(scan_unit_for_symbols): Check for reading off the end of the
	unit.
	(parse_comp_unit): Check for a DW_AT_comp_dir attribute with a
	non-string form.
	* elf64-ppc.c (opd_entry_value): Fail if there are no relocs
	available.

bfd/ChangeLog

@@ -4,6 +4,14 @@
 	* pdp11.c (aout_get_external_symbols): Return false if there are
 	no symbols.
 
+	* dwarf2.c (concat_filename): Check for an empty directory table.
+	(scan_unit_for_symbols): Check for reading off the end of the
+	unit.
+	(parse_comp_unit): Check for a DW_AT_comp_dir attribute with a
+	non-string form.
+	* elf64-ppc.c (opd_entry_value): Fail if there are no relocs
+	available.
+
 2015-01-26  Kuan-Lin Chen  <kuanlinchentw@gmail.com>
 
 	* elf32-nds32.c (nds32_elf_pick_relax): Fix again setting.

bfd/dwarf2.c

@@ -1387,7 +1387,9 @@ concat_filename (struct line_info_table *table, unsigned int file)
       char *name;
       size_t len;
 
-      if (table->files[file - 1].dir)
+      if (table->files[file - 1].dir
+	  /* PR 17512: file: 7f3d2e4b.  */
+	  && table->dirs != NULL)
 	subdir_name = table->dirs[table->files[file - 1].dir - 1];
 
       if (!subdir_name || !IS_ABSOLUTE_PATH (subdir_name))
@@ -2340,6 +2342,10 @@ scan_unit_for_symbols (struct comp_unit *unit)
       bfd_vma high_pc = 0;
       bfd_boolean high_pc_relative = FALSE;
 
+      /* PR 17512: file: 9f405d9d.  */
+      if (info_ptr >= unit->stash->info_ptr_end)
+	goto fail;
+      
       abbrev_number = read_unsigned_leb128 (abfd, info_ptr, &bytes_read);
       info_ptr += bytes_read;
 
@@ -2721,6 +2727,15 @@ parse_comp_unit (struct dwarf2_debug *stash,
 	case DW_AT_comp_dir:
 	  {
 	    char *comp_dir = attr.u.str;
+
+	    /* PR 17512: file: 1fe726be.  */
+	    if (! is_str_attr (attr.form))
+	      {
+		(*_bfd_error_handler)
+		  (_("Dwarf Error: DW_AT_comp_dir attribute encountered with a non-string form."));
+		comp_dir = NULL;
+	      }
+
 	    if (comp_dir)
 	      {
 		/* Irix 6.2 native cc prepends <machine>.: to the compilation

bfd/elf64-ppc.c

@@ -5978,6 +5978,9 @@ opd_entry_value (asection *opd_sec,
   relocs = ppc64_elf_tdata (opd_bfd)->opd.relocs;
   if (relocs == NULL)
     relocs = _bfd_elf_link_read_relocs (opd_bfd, opd_sec, NULL, NULL, TRUE);
+  /* PR 17512: file: df8e1fd6.  */
+  if (relocs == NULL)
+    return (bfd_vma) -1;
 
   /* Go find the opd reloc at the sym address.  */
   lo = relocs;

binutils/ChangeLog

@@ -4,6 +4,9 @@
 	* dlltool.c (identify_search_archive): If the last archive was the
 	same as the current archive, terminate the loop.
 
+	* addr2line.c (slurp_symtab): If the symcount is zero, free the
+	symbol table pointer.
+
 2015-01-23  Nick Clifton  <nickc@redhat.com>
 
 	* nlmconv.c (powerpc_mangle_relocs): Fix build errors introduced

binutils/addr2line.c

@@ -140,6 +140,14 @@ slurp_symtab (bfd *abfd)
       syms = xmalloc (storage);
       symcount = bfd_canonicalize_dynamic_symtab (abfd, syms);
     }
+
+  /* PR 17512: file: 2a1d3b5b.
+     Do not pretend that we have some symbols when we don't.  */
+  if (symcount <= 0)
+    {
+      free (syms);
+      syms = NULL;
+    }
 }
 
 /* These global variables are used to pass information between